mochabyte0x/Burp2Brute

Burp2Brute

Convert Burp Suite captures to Brute Ratel C4 malleable profiles.

Note

Capture legitimate traffic in Burp, export as XML, run through this tool, get a C2 profile that blends in.

Features

  • Interactive selection of C2 URIs from captured requests
  • Header extraction from real traffic
  • Configurable body injection points (prepend/append)
  • Color-coded diff showing changes vs template
  • Remembers your last selections (~/.burp2bruterc)
  • Dry-run mode for previewing before writing

Install

# Best through pipx
pipx install .

# or just deps
pip install termcolor

Usage

# if installed via pip
burp2brute -f <burp_export.xml> [options]

# or run directly
python burp2brute.py -f <burp_export.xml> [options]

Flag             Description
-f, --file       Burp XML export (required)
-o, --output     Output file (default: output.json)
-t, --template   Custom BRC4 template
-d, --dry-run    Preview profile without writing
--clear-rc       Clear saved selections

Examples

# basic
burp2brute -f captured.xml

# custom output
burp2brute -f captured.xml -o cdn_profile.json

# preview first
burp2brute -f captured.xml -d

# fresh start (clear remembered choices)
burp2brute -f captured.xml --clear-rc

Workflow

  1. Capture target traffic in Burp (CDN, SaaS app, whatever you're impersonating)
  2. Export: Right-click (can be multiple requests) > Save items > XML format
  3. Run tool, follow prompts:
    • Pick which URIs become C2 paths
    • Pick request for header extraction
    • Configure body injection points
    • Set empty/heartbeat response
  4. Get JSON profile, load into BRC4

Profile Diff

After generation, shows what changed from template:

=== Profile Diff (vs template) ===
  + listeners.default.c2_uri: ['api/v2/sync', 'cdn/assets']
  ~ listeners.default.useragent:
      old: Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
      new: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...
  ~ listeners.default.request_headers:
      old: {}
      new: {'Accept': 'application/json', 'X-Request-ID': ...

Saved Selections

Tool remembers your choices in ~/.burp2bruterc:

  • C2 URI indices
  • Main request index
  • Body split choices
  • Empty response choice

Press Enter at prompts to reuse last selection. Use --clear-rc to reset.

Burp Export Format

<items>
  <item>
    <url>https://cdn.example.com/api/sync</url>
    <host>cdn.example.com</host>
    <method>POST</method>
    <request base64="true">R0VUIC9hcGkv...</request>
    <response base64="true">SFRUUC8xLjEg...</response>
  </item>
</items>
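
To inspect what such an export contains, the sketch below reads the fields shown above and decodes the base64 request and response. It is an added example, not code from Burp2Brute; the function names and the sample export are constructed for illustration, and it also flags items whose <method> element disagrees with the decoded request line.

```python
import base64
import xml.etree.ElementTree as ET

def decode_payload(elem):
    """Return an element's text as bytes, honouring the base64 attribute."""
    if elem is None or not elem.text:
        return b""
    text = elem.text.strip()
    return base64.b64decode(text) if elem.get("base64") == "true" else text.encode()

def split_http(raw):
    """Split a raw HTTP message into (start line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return lines[0], headers, body

def parse_burp_export(xml_text):
    """Return one dict per <item>, with request and response decoded."""
    # Stdlib parser; for exports from an untrusted source, defusedxml is safer.
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        start, headers, body = split_http(decode_payload(item.find("request")))
        status, _, _ = split_http(decode_payload(item.find("response")))
        method, _, rest = start.partition(" ")
        declared = (item.findtext("method") or "").strip()
        items.append({
            "host": (item.findtext("host") or "").strip(),
            "method": method,
            "path": rest.rsplit(" ", 1)[0],
            "headers": headers,
            "body": body,
            "status": status,
            # True when <method> disagrees with the decoded request line
            "method_mismatch": declared != method,
        })
    return items

def constructed_sample():
    """Constructed one-item export for illustration (not real traffic)."""
    req = b'POST /api/sync HTTP/1.1\r\nHost: cdn.example.com\r\nX-Request-ID: abc123\r\n\r\n{"a":1}'
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n{}"
    b64 = lambda raw: base64.b64encode(raw).decode()
    return ('<items><item><host>cdn.example.com</host><method>POST</method>'
            f'<request base64="true">{b64(req)}</request>'
            f'<response base64="true">{b64(resp)}</response></item></items>')
```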

License

Do whatever you want with it.

References

CodeXTF2 - https://github.com/CodeXTF2/Burp2Malleable
